so i have a domain www.example.com and i have an app that access some dir in the domain to get json data for example www.example.com/phonegapdata/index.php
anyone can get the data if they want by typing the url or via getjson i am using the following code
$.getJSON(url,{ name: "John", time: "2pm" }, function(data) {
console.log(data);
}); //getJS
How can i make it secure so that only my app, can access it.? Is there a way to make it more secure.?
The way to "secure" any web endpoint is:
1) restrict access to files, directories, and/or service endpoints.
This, in turn, means that you must:
2) provide some means of authentication. The server needs to know "who" is requesting access in order to permit or deny that access.
SUGGESTIONS:
Familiarize yourself with "HTTP Basic Authentication"
Configure your web site to authenticate. Verify that you can access the items you want with a username and password in your browser. Verify that you cannot access the items you want to restrict without the right credentials.
If you don't want users to enter a username and password themselves, then simply program your phonegap app to send username and password in the HTTP headers when it connects to your server. For example:
PhoneGap FileTransfer with HTTP basic authentication
authHeaderValue = function(username, password) {
var tok = username + ':' + password;
var hash = btoa(tok);
return "Basic " + hash;
};
options.headers = {'Authorization': authHeaderValue('Bob', '1234') };
Once you get this working, you can substitute something more sophisticated. But this should get you started in the right direction.
